
SSL certificate validation issue

From: waqas Arshed <cs1624_at_yahoo.com>
Date: Thu, 29 Oct 2009 12:15:49 -0700 (PDT)

Hi All,

I am facing an issue while communicating with SVN using SSL. I am using the TortoiseSVN client; version information is given below:

TortoiseSVN 1.6.5, Build 16974 - 32 Bit , 2009/08/20 08:13:46
Subversion 1.6.5,
apr 1.3.8
apr-utils 1.3.9
neon 0.28.6
OpenSSL 0.9.8k 25 Mar 2009
zlib 1.2.3

We have recently purchased and set up a wildcard certificate on our reverse proxy server that sits between the SVN server and external clients. The certificate is issued by ipsCA CLASEA1 Certification Authority and it is an intermediate root certificate. When the SVN server is accessed through a web browser (tested with IE, FF, Chrome), the certificate works fine; browsers recognize the certificate with no problem at all.
However, when accessed through the Subversion client, an error message is returned:

Error validating server certificate for https://servername.domain.com:443
Unknown certificate issuer.
Fingerprint:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
Distinguished name: ipsCA CLASEA1 Certification Authority, rest of details....
Do you want to proceed?

Options: Accept Permanently, Accept Once, Reject

We have another SVN server set up in the same way (with a reverse proxy). The reverse proxy server in this case has a certificate installed that is issued by Equifax Secure Global eBusiness CA-1. When this SVN server is accessed through the same Subversion client, it does not show any error and opens the repository without a problem. (The certificate has not been cached or permanently accepted, and of course works perfectly in web browsers as well.)

I need to find out what the exact reason behind this behavior is. Is the first CA not trusted by Subversion but the second one is? I just need an answer to this problem if someone could kindly help me here, and hopefully a way to resolve it so that clients start to trust the certificate automatically.

Regards,
Waqas Arshed

Received on 2009-10-29 20:17:00 CET

This is an archived mail posted to the Subversion Users mailing list.